Code: Select all
<?php
session_start();
?>
<body>
<html>
<?php
include "layout.php";
?>
<div id="contnt">
<?php
include("dogs.inc");
switch (@$_POST['do'])
{
case "login":
$cxn = mysqli_connect($host, $user,$passwd,$dbname)
or die ("Couldn't connect to server.");
$sql = "SELECT loginName FROM Member
WHERE loginName='$_POST[loginName]'";
$result = mysqli_query($cxn,$sql)
or die("Couldn't execute query.");
$num = mysqli_num_rows($result);
if ($num > 0) // login name was found
{
$sql = "SELECT loginName FROM Member
WHERE loginName='$_POST[loginName]'
AND password=md5('$_POST[password]')";
$result2 = mysqli_query($cxn,$sql)
or die("Couldn't execute query 2.");
$num2 = mysqli_num_rows($result2);
if ($num2 > 0) // password is correct
{
$_SESSION['auth']="yes";
$logname=$_POST['loginName'];
$_SESSION['logname'] = $logname;
$today = date("Y-m-d h:i:s");
$sql = "INSERT INTO Login (loginName,loginTime)
VALUES ('$logname','$today')";
$result = mysqli_query($cxn,$sql)
or die("Can't execute insert query.");
header("Location: Member_page.php");
}
else // password is not correct
{
$message="The Login Name, '$_POST[loginName]'
exists, but you have not entered the
correct password! Please try again.<br>";
include("login_form.inc");
}
}
elseif ($num == 0) // login name not found
{
$message = "The Login Name you entered does not
exist! Please try again.<br>";
include("login_form.inc");
}
break;
default:
include("login_form.inc");
}
?>
</div>
</div>
</body>
</html>